As retailers prepare for the busiest time of the year, it’s important to take a proactive approach to cybersecurity.
As retailers work quickly to prepare network infrastructure for the influx of online traffic that comes during the holiday season, it’s important that their security teams are bolstering defenses too.
Last year, CISA and the FBI issued a warning that threat actors view holidays and weekends as attractive timeframes in which to target potential victims. With employees in and out of the office and consumers sharing sensitive information including credit card numbers, emails, addresses, and more, defenses are likely lowered and it’s the perfect time for an adversary to strike.
With Americans estimated to spend between $957 billion and $967 billion in November and December alone, adversaries are looking to cash in and exploit retailers using phishing scams, ransomware, and more. It’s important for retailers to be prepared.
The cybersecurity experts below have shared their thoughts on how retailers can stay safe during the 2023 holiday shopping season.
Randeep Gill, Principal Security Strategist, Exabeam
“With the upcoming sales for the holiday season, it is essential that both consumers and businesses are aware of the existing and evolving cyber risks. Recent studies have demonstrated that the average cost of a data breach in 2023 is 4.45 million, a 15% growth over 3 years, and retail is rife for adversaries.
“The demand to enhance capabilities for e-commerce to cater for the increase in sales has inadvertently expanded the vector through which adversaries can operate. This busy time of year means that cybercriminals are not only continuing to exploit vulnerabilities in online retail presences, but are also pursuing sophisticated methods of social engineering to gain access to credit card information.
“Whatever the motive, Machine Learning AI can be leveraged to help understand the nuances of any business and then prioritize risk through behavioral modeling. A multi-layered strategy should be employed throughout the year – using behavioral analytics to establish normal behavior for all users and assets in an organization. This will help businesses to better understand anomalies in their diverse environments that could be indicative of a breach.”
John Stringer, Head of Product, Next DLP
“Retailers witness an immense volume of sensitive information coming through their networks in the last quarter of the calendar year. Last year alone, holiday online retail sales in the U.S. reached nearly $240 billion, with online sales reaching $37 billion in the five-day period between Black Friday and Cyber Monday. With all of these transactions, consumers include payment details, names, addresses, and more. As a result, threat actors often have retail organizations as their No.1 vertical during this time.
“In order to stay protected, retailers must have robust data loss prevention strategies in place. These measures not only protect against external threats but also mitigate risks from internal ones, whether malicious or negligent. Ensuring that sensitive customer data is safeguarded is not just a matter of regulatory compliance, but a critical aspect of maintaining consumer trust and preserving the integrity of your business. Implementing advanced security protocols and continuous monitoring systems is not just advisable; it’s imperative in today’s digital age.”
By being proactive about cybersecurity, retailers can avoid the financial and reputational damage that comes with a data breach. Using modern technology such as user and entity behavioral analytics and having robust data loss prevention strategies in place can keep the holidays merry and bright for both retailers and consumers.